CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,468 vulnerabilities with CWE-79
CVE-2024-2166 HIGH
Forcepoint Email Security <8.5.5 HF003 - XSS
CVSS 8.8
CVE-2024-45399 MEDIUM
Indico < 3.3.4 - Cross-Site Scripting via Account Creation Next URL Parameter
CVSS 4.3
CVE-2024-45177 MEDIUM
za-internet C-MOR Video Surveillance <6.00PL01 - XSS
CVSS 5.4
CVE-2024-44818 MEDIUM
zzcms < 2023 - Cross-Site Scripting via HTTP_Referer Header in caina.php
CVSS 5.4
CVE-2024-8411 LOW
ABCD ABCD2 <= 2.2.0-beta-1 - Cross-Site Scripting via Sub_Expresion Argument
CVSS 3.5
CVE-2024-7077 MEDIUM
Semtek Sempos <= 31072024 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2024-44820 MEDIUM
ZZCMS < 2023 - Sensitive Information Disclosure via eginfo.php phome Parameter
CVSS 6.1
CVE-2024-44819 MEDIUM
ZZCMS < 2023 - Cross-Site Scripting via pagename Parameter in admin/del.php
CVSS 6.1
CVE-2024-8407 LOW
alwindoss akademy - Cross-Site Scripting via emailAddress Parameter
CVSS 3.5
CVE-2024-8413 MEDIUM
raspcontrol - Cross-Site Scripting via Action Parameter in index.php
CVSS 5.4
CVE-2024-8318 MEDIUM
Attributes for Blocks <= 1.0.6 - Authenticated Stored Cross-Site Scripting via attributesForBlocks Parameter
CVSS 6.4
CVE-2024-8119 MEDIUM
WP Extended <= 3.0.8 - Unauthenticated Reflected XSS via Page Parameter
CVSS 6.1
CVE-2024-8117 MEDIUM
The Ultimate WordPress Toolkit - WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option Parameter
CVSS 6.1
CVE-2024-8325 MEDIUM
Blockspare: Gutenberg Blocks & Patterns - XSS
CVSS 6.4
CVE-2024-6889 MEDIUM
Secure Copy Content Protection and Content Locking < 4.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6888 MEDIUM
Secure Copy Content Protection and Content Locking < 4.1.7 - Authenticated Stored Cross-Site Scripting via Settings
CVSS 4.8
CVE-2024-6722 MEDIUM
Chatbot Support AI < 1.0.2 - Authenticated Stored XSS in Plugin Settings
CVSS 4.8
CVE-2024-6020 MEDIUM
Sign-up Sheets < 2.2.13 - Reflected Cross-Site Scripting via REQUEST_URI Parameter
CVSS 6.1
CVE-2024-45389 MEDIUM
Pagefind < 1.1.1 - Cross-Site Scripting via document.currentScript.src Clobbering
CVSS 6.4
CVE-2024-45180 MEDIUM
SquaredUp DS for SCOM 6.2.1.11104 - XSS
CVSS 5.4
CVE-2024-43413 LOW
Xibo < 4.1.0 - Authenticated Stored Cross-Site Scripting via DataSet HTML Column
CVSS 3.5
CVE-2024-42904 MEDIUM
syspass 3.2.0-3.2.10 - Cross-Site Scripting via Client Name Parameter
CVSS 6.1
CVE-2024-42901 MEDIUM
Lime Survey <6.5.12 - Code Injection
CVSS 4.8
CVE-2024-43412 MEDIUM
Xibo < 4.1.0 - Authenticated Stored Cross-Site Scripting via File Preview Function
CVSS 4.6
CVE-2024-7654 HIGH
Progress OpenEdge < 11.7.19 and 12.2-12.2.14 - Unauthenticated Content Injection via ActiveMQ Discovery Service
CVSS 8.3
Details
Vulnerabilities 45,468
Exploit Likelihood High